mm: gup: retain synchronicity of concurrent FOLL_LONGTERM R/O pins on SWP_STABLE_WRITE

David reported an SMP race condition discovered upstream that might affect
downstream too. This is related to SWP_STABLE_WRITE potentially
causing an extra COW that shouldn't have happened.

Only swapping over zram, raid5 or blk-integrity or similar storage
that would set SWP_STABLE_WRITES could trigger it; even then it's an
almost impossible to trigger SMP race condition in real life. The only
defect is that a FOLL_LONGTERM R/O GUP pin, if taken concurrently with
heavy swapout activity on the aforementioned storage devices requiring
stable writes, could lose synchronicity.

Short-term R/O GUP pins are always fine to see only the current
snapshot of the memory even if do_wp_page replaces the page later, so
they wouldn't be affected by SWP_STABLE_WRITES.

This has never been reproduced except in synthetic testing and it was
found upstream through code review only.

NOTE: this problem already could happen before the GUP/COW fixes and
it could have affected RDMA GUP pins well before gup_must_unshare and
the COR fault were introduced, but thanks to gup_must_unshare and the
COR fault, we can now correct this longstanding defect for good.

Fixes: f05714293a59 ("mm: support anonymous stable page")
Reported-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Andrea Arcangeli <aarcange@redhat.com>
3 files changed